Skip to content

Enterprise Mobility + Security


How to gain visibility and control of data in cloud apps

This post is authored by Rue Limones, Senior Program Manager, Cloud App Security Engineering Team.

Checking in: Your Journey to GDPR Compliance

In the whitepaper “Beginning Your GDPR Journey,” we introduce five key use case scenarios that are relevant to GDPR compliance where Microsoft Enterprise Mobility + Security (EMS) technologies provide critical support:

  • How to provide persistent data protection on-premises and in the cloud
  • How to grant and restrict access to data
  • How to gain visibility and control of data in cloud apps
  • How to protect data in mobile devices and applications
  • How to detect data breaches before they cause damage

We’re now halfway through our blog series introducing these solutions. It’s a great time to take stock and understand both how far you’ve come and what more we can tackle together. In previous blogs, we showcased the ability of Azure Information Protection (AIP) to provide persistent data protection both on-premises and in the cloud, as well as the role of and Azure Active Directory (Azure AD) in granting and restricting access to data through risk-based conditional access controls. Next, we’ll turn to a discussion of Microsoft Cloud App Security to understand its role in the last two uses cases and in your own GDPR journey. You’ll discover how Cloud App Security ensures you have powerful visibility into, and control over, your data in SaaS apps while also giving you the ability to detect data breaches before they cause damage to the user or your organization.

Visibility and Control through Cloud App Security

Step 1: App Discovery

Deep visibility into user behavior and the movement of data in cloud apps is essential to meeting the GDPR requirements regarding data protection and security, but this is no easy task. A robust cloud app identification capability is your first step. Cloud App Security can discover and assess over 14K+ cloud apps against a set of 60 service, compliance, and security factors. A total risk assessment score and a report card for the app are the results of this analysis.

Now that you understand the relative risk assessment of each app, Cloud App Security policies allow you to enforce specific user behaviors in your enterprise cloud apps. App discovery and discovery anomaly policies will notify you when new apps are detected within your organization or when unusual occurrences are noted within an app. For example, you can use a discovery policy to alert when 20 or more users are detected using new apps with risk assessment score of “4” or less. These policies play an important part in understanding and enforcing the use of safe and sanctioned apps for protecting personal and sensitive data.

Step 2: Data Discovery

As you may have guessed, discovering cloud app usage isn’t always enough. If the data moving within these apps is subject to the GDPR, the apps must be governed under GDPR compliant policies and controls. For data discovery, Cloud App Security can identify unprotected personal or sensitive data with native DLP, Office DLP, or 3rd party solutions as well as detect external sharing or collaboration at a file level. As mentioned in the Part 2 blog, Cloud App Security also integrates with AIP to read file labels. Identifying personal and sensitive data you store is important for your GDPR compliance journey.

Step 3: Control Data

To secure visibility and control of data in your cloud apps, the last step is to establish controls over the data itself. With CAS, you can employ file policies to scan for specific files or file types (such as shared files), data (such as personally identifiable information), and apply governance actions.

Customizing these policies is key and will allow you to tailor the detections to your specific GDPR needs. For example, you can use a file policy to detect when personal and sensitive data are shared externally AND set the governance actions to remove external users. The ability to change sharing permissions, remove collaborators, or place users in quarantine provides near real-time control over your data.

At this point, you’ve gained visibility into your cloud apps and you’ve formulated discovery and file policy controls, but you still need a way to detect and respond to threats targeting your organization and users and do so in a way that conforms to the GDPR mandates.

Enhanced Threat Detection and Response

While your discovery and file policies are at work, Cloud App Security uses behavioral analytics and a robust anomaly detection engine to deliver enhanced threat detection and response capabilities. How does this apply to GDPR? The required GDPR timelines and conditions to report data breaches are stringent; the better informed the detection-to-response cycle is, the more equipped you will be to meet these requirements. Let’s walk through each of the key advantages that Cloud App Security provides here:

User-Centered Detections

As each user interacts with a cloud app, the service assesses the risk in users’ behavior. Impossible travel, a sudden and unexpected download (and possible exfiltration) of data, or spontaneous administrative activity may all be signs of a data breach. Through anomaly detection policies, Cloud App Security applies behavioral analysis to these events to signal you when something abnormal is found. Even better, detection isn’t driven by Cloud App Security alone; all services in EMS are working in concert to strengthen detection across on-premises and in the cloud.

Activity policies leveraging an app’s API can also be used to monitor specific user activities. For example, if you label personal and sensitive files as “GDPR Sensitive,” you can use an activity policy to monitor when anyone accesses these files from an off-corporate network IP address. Your security operations personnel can review this activity and anomaly alerts, conduct further investigation, and continuously customize the policies as needed.

Intelligence-Driven Detections

Cloud App Security’s threat intelligence and detection capabilities are enhanced with the Microsoft Intelligent Security Graph. Acting as a vast repository of threat intelligence and security research data, the graph not only provides CAS, but also all EMS security solutions, with powerful and actionable information.

Coordinated Response

Cloud App Security can take immediate action to suspend a user, revoke a password, or remove sharing permissions of a sensitive file they have accessed. At the same time, all EMS solutions work to formulate complimentary responses. As you learned in the previous post, Azure AD delivers risk-based conditional access. When abnormal events are detected, a user’s risk level increases and triggers a response in access policies. Like an automated lowering of a fortress’s gates when an advancing threat is sensed; you want this to be swift, responsive, and well-integrated, and it’s exactly that!

What’s Ahead?

Cloud App Security and EMS are here to support you in your GDPR compliance journey. In future blogs, you’ll discover how our other security features will enhance the visibility, control, threat detection, and response capabilities we introduced in today’s discussion. More importantly, you’ll witness the power of the EMS to deliver the best integrated and most holistic solution to help meet your organization’s GDPR needs!

As always, the team at Microsoft encourages to you explore further: